Illustration: Supimol Kumying | Shutterstock
Tea, one of the world’s most popular dating apps for women, has suffered a major data breach that has exposed approximately 72,000 images from over 13,000 users. The company has officially acknowledged the attack and is currently investigating the breach.
An official statement from the company claims that a “legacy data storage system” was compromised, giving hackers access to a dataset from before February 2024. Overall, the breached dataset contained “approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.”
The company claims no email addresses or phone numbers were accessed, and only users who signed up before February 2024 were affected. No other information about reactive measures was shared, except the company employed external cybersecurity experts to come in and secure their systems.
No information on the nature of the attack or the cause of the breach was shared either. The official statement simply states that unauthorised access was detected at 6:44 AM PST on July 25. An explanation for how the attack happened claims that some legacy content was not migrated into the company’s new “fortified system.” A hacker gained access to an identifier link where data was stored before February 24, 2024, leading to the breach.
During early development, the app required selfies and IDs as an additional safety measure to ensure only women were signing up for the app. This requirement was later removed in 2023, but the data was originally archived in compliance with law enforcement requirements for cyber-bullying prevention. Tea claims that there’s no evidence to suggest the leaked photos can be linked to specific users within the app.
In the News: Critical US infrastructure faces ransomware attacks
